You may be misinterpreting the Jetspeed security model. By default, Jetspeed uses RegistryAccessController which does NOT take into consideration what permissions are assigned to roles in the TURBINE_ROLE_PERMISSION table. Yes, it is a bit confusing to see that guest role only has view and info permissions in the Security Role Browser. I will make a note to make this little less confusing.
I think that you would like to create a "guest" role which is something in between anononymous and regular user. You can accomplish that but you will have to spend some time laying out your exact security requirements and then making adjustments to Jetspeed security constraints and registry entries referencing these constraints. If you didn't already, please read this document: http://jakarta.apache.org/jetspeed/site/security.html. Jetspeed does not ship with a classic guest role because you may accomplish most of it using the anonymous profile and without having the user to log in. Best regards, Mark Orciuch - [EMAIL PROTECTED] Jakarta Jetspeed - Enterprise Portal in Java http://jakarta.apache.org/jetspeed/ > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, June 23, 2003 12:47 PM > To: Jetspeed Users List > Subject: Re: user security > > > > Hi, > > but where is the security for then? Theoretically, I can give view and > customization rights, or revoke them, and that would be very nice. Why is > that security implemented is it doesn't really work? Or should it work? > > Thank in advance, > > Bo van Weert > > > > > > > > > > > > > "Stuart > > Belden" Para: > <[EMAIL PROTECTED]> > <[EMAIL PROTECTED] cc: > > org> Fax para: > > Asunto: Re: user > security > 23/06/2003 > > 17:08 > > Por favor, > > responda a > > "Jetspeed > > Users List" > > > > > > > > > The reason this happens (I'm assuming this is the case for you) > is that the > anon user is a bit of a special case. > > See JetspeedSecurity.properties, the very bottom of the file under the > "Action Buttons" header: > > services.JetspeedSecurity.actions.anon.disable=true > services.JetspeedSecurity.actions.allusers.disable=false > > hth, > stu > > >>> [EMAIL PROTECTED] 06/22/03 11:57AM >>> > Hello, > > I wonder if the following is correct. I added a new user to jetspeed, and > then changed his role to "guest". Then, when I log in as this > user, I still > can minimize, configure etc. all the portlets (at least, the buttons are > shown). Why haven't the buttons disappeared? The configuration for this > user is the same as anonymous, and there the buttons are hidden... > I can also customize the control. I assumed that when I didn't give any > permissions, guests wouldn't be able to edit anything. Can anybody shed a > light on that? > > Thanks, > > Bo > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
